Machine Learning Enabled Security Platform

OBJECTIVES/GOAL

Our customer wanted to develop a comprehensive security platform with integrated NGFW, IPS and WAF capabilities. They wanted the platform to allow their own proprietary ML-based security module to be plugged in. Additionally, they wanted the platform to support monitoring and scanning of traffic at rates of up to 15 Gbps.

CHALLENGES
  • Integrating many diverse pieces of open-source software, such as DPDK, VPP, Snort, SSLsplit and ModSec.
  • Achieving 15mbps of throughput with CPU-intensive services such as Snort, ML and ModSec.

ACCOMPLISHMENTS

Developed the security platform, then integrated and tested the following security features:

  • Web Application Firewall with OWASP Top 10 checks.
  • Intrusion Detection and Prevention.
  • Spyware, ransomware, and Advanced Persistent Threat detection using machine learning.
  • Added support for running multiple concurrent instances of different security services.

TECHNOLOGIES

DPDK, VPP, Snort, ModSec, SSLsplit

SOLUTION ARCHITECTURE
  • Used DPDK + VPP software stack to provide the Layer 2-4 networking and stateful firewall.
  • Utilized open-source components for IPS (Snort), SSL proxy (OpenSSL and SSLsplit) and WAF (ModSec).
  • By fully harnessing the power of multicore CPUs and using multiple instances of individual services, we were able to split the load between services and process multiple sessions in parallel.
  • We defined configurable service chain rules per flow of packets to make sure a packet is received and handled by only the services configured.
  • Utilized Intel Hyperscan technology to speed up pattern and signature matching for ML.